Pen Testing of HHS Units Reveals Weaknesses

Operating divisions of the Department of Health and Human Services need to shore up security controls to more effectively detect and prevent certain cyberattacks, according to a new federal watchdog report.

In a summary report issued Wednesday, the HHS Office of Inspector General highlighted several security controls that need improvement across eight HHS operating divisions. The weaknesses included configuration management, access control, data input controls and software patching, the report notes. Similar concerns have been raised in previous OIG reports.

The OIG report is based on findings from a series of audits in fiscal years 2016 and 2017 at eight unnamed HHS operating divisions. Network and web application penetration testing was conducted by a third-party contractor to determine how well HHS systems were protected when subject to cyberattacks, the study notes.